GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,512
Composer 4,179
Erlang 31
GitHub Actions 19
Go 1,982
Maven 5,155
npm 3,701
NuGet 656
pip 3,323
Pub 11
RubyGems 882
Rust 834
Swift 35

Unreviewed advisories

All unreviewed 233,002

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

145 advisories

Filter by severity

Sort by

Least recently updated

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI... Moderate Unreviewed

CVE-2021-20844 was published Nov 25, 2021

Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log... Moderate Unreviewed

CVE-2021-43410 was published Dec 10, 2021

There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is... Moderate Unreviewed

CVE-2021-40007 was published Dec 14, 2021

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed

CVE-2022-0210 was published Jan 19, 2022

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is... Moderate Unreviewed

CVE-2021-29872 was published Jan 19, 2022

An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user... Moderate Unreviewed

CVE-2021-45226 was published Jan 25, 2022

A command injection remote code execution vulnerability was discovered on Western Digital My... Critical Unreviewed

CVE-2022-22992 was published Jan 29, 2022

The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27,... Moderate Unreviewed

CVE-2022-0220 was published Feb 2, 2022

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface... Moderate Unreviewed

CVE-2021-43106 was published Feb 15, 2022

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as... High Unreviewed

CVE-2022-25235 was published Feb 17, 2022

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly... High Unreviewed

CVE-2022-22151 was published Mar 12, 2022

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection... Moderate Unreviewed

CVE-2022-22344 was published Mar 15, 2022

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or... Moderate Unreviewed

CVE-2022-22734 was published Mar 15, 2022

The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and... Moderate Unreviewed

CVE-2022-0450 was published Mar 29, 2022

An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470.... High Unreviewed

CVE-2021-42324 was published Apr 6, 2022

Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior... High Unreviewed

CVE-2022-0935 was published Apr 8, 2022

The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote... Moderate Unreviewed

CVE-2009-4267 was published May 2, 2022

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by... High Unreviewed

CVE-2021-29854 was published May 4, 2022

IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for... Moderate Unreviewed

CVE-2021-39027 was published May 7, 2022

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a... High Unreviewed

CVE-2016-2568 was published May 13, 2022

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended... High Unreviewed

CVE-2013-4547 was published May 13, 2022

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager ... High Unreviewed

CVE-2018-8920 was published May 13, 2022

Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server ... Moderate Unreviewed

CVE-2018-2389 was published May 13, 2022

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8... High Unreviewed

CVE-2018-8609 was published May 13, 2022

A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps... Moderate Unreviewed

CVE-2019-0857 was published May 13, 2022

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

145 advisories